ccp status to the nasa advisory council human … · ccp status to the nasa advisory council human...
TRANSCRIPT
CCP Statusto the
NASA Advisory Council Human Exploration and Operations Committee
Kathryn Lueders
Manager
Commercial Crew Program
November 5, 2015
NASA CCP Certification
● CCP Certification/CoFR strives to achieve a balance of insight/oversight appropriate for shared government & industry accountability in establishing a safe, reliable, and cost-effective CTS
– The Industry Partner is responsible for the design, development, test and evaluation; culminating in their certification assertion of its CTS to transport crew to and from the ISS.
– NASA CCP is accountable for ensuring compliance to CCP’s human spaceflight requirements thru evaluation and approval of the Contractor’s compliance evidence and execution of NASA’s insight into the Contractor’s solution in accordance with a risk based insight approach implemented under a shared assurance model.
2
Government / Industry Accountability
● CCP Cert/CoFR activities based on shared accountability balance that acknowledges:
– Industry’s safety obligations in owning and operating CTS services for both government and private sectors
– NASA’s critical obligations for assuring crew safety & mission success for NASA missions, relying on a shared assurance and risk based strategy
Shared Accountability Balance
NASARQMTS
BASE CERT
CoFR
INDUSTRY
DDT&E PROD OPS
SHARED ACCOUNTABILITY
3
Government / Industry Accountability
Activity NASA Industry
Establish Requirements
• Flow down and Tailor Agency Rqmts(Mission Rqmts, HRR, Standards)
• Disposition Rqmts Variances
• Flow down of CCP Requirements and Tailoring;
• Evaluate Rqmts Achievability
Manage Development Risk
• Development Oversight• Elevate Design and Development Risks
from Insight
• Produce Mgmt Plans• Perform Risk Reduction Planning
Establish Cert Baseline
• IV&V• Accept Cert Compliance• Support Joint Test Planning• Accept Residual Risk
• Submit Cert Data Packages• Perform System Validation• Quantify Residual Risk (PSA,
Reliability)
ValidateBaseline Cert
• Quality Assurance Audits• Accept Problem Resolutions
• Accept Hardware• Problem Identification,
Resolution, Corrective Actions
Assess Mission Readiness
• Accept Flight Certification and Residual Risk
• Compliance Evidence of Hardware/Team Readiness
4
Allocation of Responsibilities
CTS
Certified
Flight
Readiness
Certification
Desig
n C
ert
Flig
ht C
ert
By design, the CCP model allocates greater accountability to industry.
Implementation of Insight/Oversight
● To meet the level of government assurance required to achieve Agency and Stakeholder confidence, NASA CCP performs a risk based approach to both Oversight and Insight Activities.
● The risk based CCP Certification approach achieves a balance of NASA insight/oversight appropriate for shared government & industry accountability in establishing a safe, reliable, and cost-effective CTS.
5
• Risk Based Insight• Risk Based Assessment (RBA) • Surveillance/Audits
• Approval of Contractor Deliverables / Milestones
Oversight Activities
Insight Activities
CCP Certification
Shared Assurance
CCP Certification Implementation
● Key Components of NASA’s Certification through design, development, test, production, and operations include:
– Certification Plan
Defines an integrated strategy for certification of the complete CTS and defines a structured and organized approach for implementing the strategy
– Requirement Verification and Validation
Requirement Development
Verification and Validation Plans
Verification Closure Notices
Variances to NASA requirements
Specifications and Standards compliance
– Phased Safety Reviews
Hazard Reports
– Insight and Audits
– Approval of Key Milestone Reviews and Deliverables
6
NASA CCP Certification
● NASA CTS Certification is the approval of the Commercial Provider’s evidence of:
– Compliance with the technical management processes requirements covered in Crew Transportation Technical Management Processes (CCT-PLN-1120)
– Adherence to the technical standards in Crew Transportation Technical Standards and Design Evaluation (CCT-STD-1140) and the operational standards in Crew Transportation Operations Standards (CCT-STD-1150)
– Compliance to the technical requirements in ISS Crew Transportation and Services Requirements (CCT-REQ-1130) and ISS to Commercial Orbital Transportation Services (COTS) Interface Requirements Document (IRD) (SSP 50808)
● The CCP and the ISS Program will approve of the Commercial Provider’s compliance with the CTS requirements in ISS Crew Transportation and Services Requirements (CCT-REQ-1130). The ISS Program will approve of the Commercial Provider’s compliance with the requirements in ISS to Commercial Orbital Transportation Services (COTS) Interface Requirements Document (IRD) (SSP 50808).
7
CCP Requirement Development
● Agency, HEOMD, and Program retain key accountability for NASA Human Spaceflight safety and mission success requirements allocated from NPR 8705.2B within overall NASA and industry shared accountability structure
– NPR 8705.2B was used as a basis in developing the HEOMD-10001 document, with applicable requirements flowed down to CCP Requirements documents, which have been levied on the CCtCap contract
– The Human Rating Certification Package in NPR 8705.2B Appendix D represents a sub-set of the data required in the CCTS Certification Data Package defined in HEOMD-10001
8
NPR 8705.2B Allocation to CCTS
CCTS Documentation Flowdown
Human-Rating Requirements
for Space Systems
NPR 8705.2B
Used as a Basis for
Level 1
Level 2
Commercial Crew Transportation System
Certification Requirements for NASA Low Earth
Orbit Missions Certification Data PackageHEOMD-CSD-10001
(formerly ESMD-CCTSCR-12.10)
Crew Transportation Plan
CCT-PLN-1100
Crew Transportation Technical Management Processes
CCT-PLN-1120
ISS Crew Transportation and Services Requirements
Document
CCT-PLN-1130
Crew Transportation Standards and Processes Criteria
CCT-PLN-1140
ISS to Commercial Orbital Transportation Services
(COTS) Interface Requirements Document (IRD)
SSP 50808
Crew Transportation System Design Reference
Missions
CCT-PLN-1110
Crew Transportation Operations Standards
CCT-PLN-1150
Allo
ca
ted
/ D
eri
ve
d
CCtCap Contract Requirements
J-01, Integrated Requirements
J-02, Data Requirement Deliverables
J-03, Performance Work Statement
Allo
ca
ted
in fu
ll
Contractor
Certification
Data Package
(DRD 112)
CBR Data Package (DRD 102)
DCR Data Package (DRD 103)
ORR Data Package (DRD 105)
CR Data Package (DRD 106)
FTRR Data Package (DRD 104)
Inc
rem
en
tal A
cc
ep
tan
ce t
hru
DR
Ds &
Mil
es
ton
e A
pp
rov
al C
on
trac
tor C
ertific
atio
n
Ev
ide
nc
e &
En
do
rse
me
nt
Commercial Crew Program Plan
CCT-PLN-1000
CTS Certification Plan
CCT-PLN-2000
CCtCap NASA Insight, Oversight and
Independent Certification Activities
Allocated in full
NASA Certification
Evidence & Endorsement
NASA Insight
The CCTS Certification Requirements, based upon NPR 8705.2, provide a solid foundation for Contractor Assertion and NASA Endorsement of Certification
Certification Plan (DRD 107)
V&V Plan (DRD 108)
Flight Test Plan (DRD 109)
Hazard Reports (DRD 110)
VCNs (DRD 111)9
CCT-REQ-1130
● CCT-REQ-1130 contains:
– Performance requirements in meeting the ISS DRM documented in CCT-PLN-1110
– Human rating requirements allocated from NPR 8705.2B (trace shown below)
10
Purpose and Mapping
NPR 8705.2B Human-Rating Technical Requirements
(Chapter 3)
→ Maps to HEOMD-
10001 Requirement
→ Allocated to CCT-REQ-1130 Requirement
Key Title Key Key Title
3.2.1 Crew Environment 5.2.1
3.10 (and subs)
Human Health, Medical and Performance
3.2.5.11 Pressure Suits
3.2.2Probabilistic Safety Criteria 5.2.2 3.2.1.1 Loss of Crew Risk
3.2.1.2 Loss of Mission Risk
3.2.3 Failure Tolerance 5.2.3 3.2.3.1Failure Tolerance to Catastrophic Events
3.2.3.3Separation of Redundant Systems
3.2.4Failure Tolerance without Emergency Equipment 5.2.4 3.2.3.2
Failure Tolerance without Aborts
3.2.5Tolerate Inadvertent Operator Action 5.2.5 3.8.5.1.2
Tolerate Inadvertent Action
3.2.6
Tolerate Inadvertent Operator Action during Failure 5.2.6 3.8.5.1.4
Tolerate Inadvertent Action during Failure
3.2.7 Critical Software Control 5.2.7 3.9.2.1Software Engineering Requirements
3.2.8Detect and Annunciate Faults 5.2.8 3.2.4.1
Detect and Annunciate Faults
NPR 8705.2B Human-Rating Technical
Requirements (Chapter 3)
→ Maps to HEOMD-
10001 Requirement
→ Allocated to CCT-REQ-1130 Requirement
Key Title Key Key Title
3.2.9Isolate and Recover from Faults 5.2.9 3.2.3.4
Isolate and Recover from Faults
3.2.10Health and Status Data 5.2.10 3.2.4.2
Record and Display Health and Status
3.2.11Autonomous Operation of System 5.2.11 3.2.6.3
Autonomous Operation of System
3.2.12Access Emergency Equipment 5.2.12 3.2.5.1
Access Emergency Equipment
3.3.1Crew Control of Vehicle 5.3.1 3.8.5.1.1 Crew Control of Vehicle
3.3.2Manually Override Software 5.3.2 3.2.6.1
Manually Override Software
3.2.6.2
Manually Override Software - Post-Separation
3.3.3Ground Monitoring and Operation 5.3.3 3.7.1
Ground Monitoring and Operation
3.4.1Manual Control of Vehicle Flight Path 5.4.1 3.8.4.1
Manual Control of Vehicle Flight Path
3.8.4.2Manual Piloting for Docking
3.4.2 Handling Qualities 5.4.2 3.8.4.3 Handling Qualities
(Remaining trace in backup)
Commercial Partner Certification Assertion
● The CCP Certification builds upon the requirements levied on the CCtCap contract:
1. A Commercial Provider develops a CTS and asserts that it meets NASA’s safety, crew, and technical requirements and that it is managed to an acceptable level of risk for transporting NASA crew.
2. The CCP substantiates the Commercial Provider’s assertion.
11
NASA’s Requirements
CCT-PLN-1100 CCT-REQ-1130
CCT-DRM-1110 CCT-STD-1140
CCT-PLN-1120 CCT-STD-1150
SSP 50808
Commercial Provider Requirements
Performance Requirements (Design,
production, and operations)
Specifications Management Plans
Standards Operational Plans
Hazard Controls Risk Management
Allocated /
Derived into
Commercial Provider Assertion via
Type 1 / 2 CCtCap
DRD
Design Certification
Review
Certification Review
Results in
NASA Approval of:
Certification Plan
Management Plans
Design Certification Review
Specs & Standards
Certification Data Package
V&V Plan
Operational Plans
Certification Review
VCNs
Hazard Reports
Variances
CCT-REQ-1130 / SSP 50808
● CCT-REQ-1130 requirement are the requirement set for the entire CTS from launch through landing while independent of ISS
● SSP 50808 is an over-arching Interface Requirements Document for ISS– Covers CRS and Commercial Crew– Contains requirements that are necessary for the docking or berthing to the ISS
– Contains requirements governing the visiting vehicle within the 4 x 2 x 2 km approach ellipsoid around ISS
– Contains requirements for the vehicle as docked to ISS– Day to day living and activities as part of station
● Standards– All standards for both documents have been reviewed and are the same or complimentary.
An example of complimentary are the two fracture control standards. One is for the broad scope of the system and the other is ISS specific:
o NASA-STD-5019 for system fracture controlo SSP 30558 for ISS specific fracture control
● Variances – Variances can be submitted for both CCT-REQ-1130 and SSP 50808 requirements
– All variances will be reviewed and approved through the appropriate Program Board structure
● Requests for variances to SSP 50808 processed in accordance with ISSP Board Structure
● ISS Integration is based on successful visiting vehicle integration both with International Partners and Commercial Resupply Services (CRS)
12
CCP Specifications and Standards
● Subset of the 1130 & 50808 requirements pertain to specifications and standards
● One type of standard must be followed completely with no deviation or alternative proposal.– They are identified by the words “meet” within the corresponding sections of the
documentation.
● The majority of the standards identified are standards which use the language “meet the intent of.” – These contain requirements that can be met explicitly by following the standard
or by proposing alternate standards that meet or are consistent with the requirement levied in the NASA Standard
– Providers are allowed to provide alternate standards that meet the intent of the NASA requirement.
These alternate standards are delivered to NASA for formal assessment.
● There are many other standards that may be utilized in the design and manufacturing process and for standard operations. – These are the third type of standard and many of these can be found in the
reference documents section.
Verification Development Flow
14
Verification
Requirement
Development
Test Plan
Development
Test
Procedure
Development
Test Results
and VCN
Closure *
• Defines Methods
• Major Activities
• Sets Success Criteria
• Detailed Description of
Test Activities, Test
Cases, facilities and
instrumentation
description
• Typically developed only
for key tests
• Detailed Test Sheet
with QA sign-offs on
build-up and
execution
• Analysis report of
Test Data
• Reconciliation with
the requirements
• Assertion of
Compliance
V&V Plan* Detailed Planning
Analysis Cycle
Planning
Analysis Task
Execution
Analysis
Results and
VCN Closure *
• Formulation of Analysis
Tasks and
synchronization with Test
activities
• Analysis report
• Reconciliation with
the requirements
• Assertion of
Compliance
* Approval Points
NASA Phased Safety Review Requirements
● Phased safety review process is levied through CCT-PLN-1120, various SSP documents, and the tCap contract– Ensures that there are adequate controls for catastrophic hazards
– Given the high-level requirements from CCP & ISS, the tCap partners must derive their own detailed requirements for these controls
– Also serves as the basis for verifying significant requirements in CCT-REQ-1130– Hazards that can effect the ISS are reviewed jointly with the established ISS Visiting Vehicle
Safety Review Panel (SRP) and the CCP Safety Technical Review Board (STRB)
● In accordance with CCT-PLN-1120 and SSP 30599, NASA Phased Safety Reviews will be conducted in three phases:– Phase I will be conducted in a timeframe consistent with a Preliminary Design Review (PDR)
(during CPC)
– Phase II will be conducted in a timeframe that is consistent with a Critical Design Review (CDR) level of maturity (currently in work)
– Phase III will be conducted in a timeframe that is consistent with a DCR level of maturity Phase III includes the incremental closure of all the verification activities for the controls
identified in hazard reports
● The scope of the safety reviews is to determine, given a Commercial Provider’s solution, that analysis was conducted to the appropriate level to surface key risks in the design and whether risks exist beyond the requirements established for certification– Results are intended to inform the design and program reviews and establish the level of
acceptable risk for the system
– Any requirement non-compliances or accepted risk outside the STRB is forwarded to the CCP/ISS Program Boards for acceptance
15
Key Certification Milestones
● CCtCap designated the following Mandatory Interim Milestones to review and/or approve the Contractor’s progress toward Certification
16
CCtCap Start
Certification
Provider CCTS Maturity
Certification Baseline Review (CBR)
Objectives:
• Identification of baseline requirements and current CTS design baseline;
• Document management plans and products;
• Define the plan and schedule to complete DDTE and Certification;
• Define top safety, technical, cost, and schedule risks
ISS Design Certification Review (DCR)
Objectives:
• Demonstrate that the CTS and operations meet all applicablerequirements;
• Provide evidence of requirement compliance through implementation of its baselined management and certification plans;
• Demonstrate schedule performance;
• Define top safety, technical, cost and schedule risks
Flight Test Readiness Review (FTRR)
Objectives:
• Demonstrate readiness to conduct a crewed flight test;
• Define a risk baseline for crewed flight test activities
Operations Readiness Review (ORR)
Objectives:
• Demonstrate that the actual CTS system characteristics and procedures used in operations reflect the deployed state of the CTS;
• Evaluate all project and support (flight and ground) hardware, software, personnel, and procedures to ensure flight and associated ground systems are in compliance with program requirements and constraints
Certification Review (CR)
Objectives:
• Provide evidence that the CTS has met all NASA requirements in Attachment J-01;
• Provide documentation of crew safety and mission assurance risks associated with the CTS
Certification / CoFR Plan Overview
● CTS Certification is the approval of the Commercial Provider’s evidence that
all tests/analyses/verification and validation proves that the baseline design
meets the requirements (e.g. reference configuration)
– CTS Certification will be incrementally approved through Oversight and Risk Based
Insight in parallel to CCtCap Certification related milestones (i.e. Uncrewed Flight Test
DCR, Crewed Flight Test DCR, ORR, and CR)
– To support this CTS Certification process, CCP SE&I will revise the existing Certification
Plan (CCT-PLN-2000) to include the Certification endorsements and sub-endorsements
● CTS CoFR refers to the NASA endorsement that compares and validates the
hardware built and any issues uncovered to the reference certified
configuration
– CTS CoFR will be incrementally approved through Oversight and Risk Based Insight in
parallel to CCtCap Flight Readiness milestones: (i.e. Uncrewed Flight Test FTRR, Crewed
Flight Test FTRR, and PCM FRRs)
– To support this CTS CoFR process, CCP SE&I will create the CCP CoFR Plan (CCT-PLN-
2100) to document the overall philosophy, roles and responsibilities and CoFR
endorsements and sub-endorsements.
17
Certification / CoFR Structure and Forward Plan
● CCT-PLN-2000 and CCT-PLN-2100 will cover the overall CTS Certification approval and CoFR endorsement throughout the Agency
– Certification approvals and CoFR endorsements will include:
Both CCP and ISSP Program Managers
CCP System Office Managers
ISS Office Managers, as required by SSP-50108 (CoFR endorsements only)
The Chief of each Technical Authority (Engineering, S&MA, HH&P) and FOD Manager
– AA HEOMD is the ultimate approval authority for both Certification and CoFR
● The Certification and CoFR Plans are Partner Independent
● The end goal is to have the revised CCT-PLN-2000 and new CCT-PLN-2100, along with the supporting tasks for those plans, baselinedby December
18
Summary
● CCP
– Continues to work with both Providers on maturing their designs
– Establishing the NASA expectations for both the CCP Certification Plan and Certification of Flight Readiness Plans
● Both Providers
– Are meeting contractual milestones
– Are progressing through the Phase II Safety Reviews
– Are working detailed Verification and Validation planning
– Are maturing their detailed designs
– Are providing increased insight opportunities for the NASA team
– Have advanced beyond paper products and are building and testing hardware
● They, and we, have a great deal of work in front of us.
19